In my previous post I guided you through a list of steps required to build, send and handle response from Adaptive Cards as Actionable Messages in Outlook. Let me now tell you, how to secure the response.
Recently I started playing around with the Nintex O365 Workflow REST API (http://help.nintex.com/en-us/sdks/sdko365/). Although not everything is possible (as saving new workflows), because web request action does not support passing of binary strings and cuts off null bytes (0x00), so the passed file is found by the API as incorrect BUT first thing I faced during my exercise was: HOW TO OBTAIN FedAuth security cookie?
I read articles, reviewed Stackverflow forums and similar looking for an answer how to achieve it using JavaScript. I was a bit upset with the results but then I found this precious article: Remote authentication in SharePoint Online | … And All That JS and everything went clear on how to obtain the cookie inside Nintex Workflow.
The following post is showing how to obtain 3 important security variables, that SharePoint requires from requester to “trust”: